CVE-2013-7424

Priority
Description
The getaddrinfo function in glibc before 2.15, when compiled with libidn
and the AI_IDN flag is used, allows context-dependent attackers to cause a
denial of service (invalid free) and possibly execute arbitrary code via
unspecified vectors, as demonstrated by an internationalized domain name to
ping6.
Notes
 mdeslaur> introduced by https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=34a9094f49241ebb72084c536cf468fd51ebe3ec
 mdeslaur> lucid doesn't look vulnerable
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (2.19-0ubuntu6.5)
Package
Source: glibc (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Patches:
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=2e96f1c7
More Information

Updated: 2019-03-19 12:13:44 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)